חיפוש בתמיכה

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How to completely sanitise a given host from Firefox so it'd act the same as in private window?

  • 5 תגובות
  • 0 have this problem
  • 32 views
  • תגובה אחרונה מאת cprn

more options

I have a few websites, among them glovoapp.com and work Kibana, that don't open properly in my regular Firefox session any more even though I tried to remove cookies related to those websites and anything else I could think of. They work fine in private window but it means I have to authenticate each time. What steps do I need to perform to completely clean a website settings from Firefox memory?

In case of Glovo (and several other websites) in regular Firefox session there's an error: Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src"). Same doesn't happen in private window.

In case of Kibana (and several other websites) in regular session Firefox somehow remembers old authentication - it doesn't ask for new credentials and doesn't send Sec-Fetch-User header (which results in Kibana throwing HTTP 405 Method Not Allowed). In private window the header is sent correctly.

I'm using Tridactyl so I tried to use the :sanitise glovoapp.com command which, in theory, should remove everything that can be removed with API calls as described on https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/browsingData/DataTypeSet - it's not enough.

I have a few websites, among them glovoapp.com and work Kibana, that don't open properly in my regular Firefox session any more even though I tried to remove cookies related to those websites and anything else I could think of. They work fine in private window but it means I have to authenticate each time. What steps do I need to perform to completely clean a website settings from Firefox memory? In case of Glovo (and several other websites) in regular Firefox session there's an error: '''Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src").''' Same doesn't happen in private window. In case of Kibana (and several other websites) in regular session Firefox somehow remembers old authentication - it doesn't ask for new credentials and doesn't send '''Sec-Fetch-User''' header (which results in Kibana throwing HTTP 405 Method Not Allowed). In private window the header is sent correctly. I'm using Tridactyl so I tried to use the ''':sanitise glovoapp.com''' command which, in theory, should remove everything that can be removed with API calls as described on https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/browsingData/DataTypeSet - it's not enough.

פתרון נבחר

You can check for issues with Total Cookie Protection.

Firefox shows a purple shield instead of a gray shield at the left end of the location/address bar in case Enhanced Tracking Protection is blocking content.

  • click the shield icon for more detail and possibly disable the protection

You can check the Web Console for relevant-looking messages about blocked content.

Read this answer in context 👍 1

כל התגובות (5)

more options

פתרון נבחר

You can check for issues with Total Cookie Protection.

Firefox shows a purple shield instead of a gray shield at the left end of the location/address bar in case Enhanced Tracking Protection is blocking content.

  • click the shield icon for more detail and possibly disable the protection

You can check the Web Console for relevant-looking messages about blocked content.

more options

cor-el said

You can check for issues with Total Cookie Protection. [...]

Disabling the enhanced tracking protection solved the issue with all websites that shown Content Security Policy error, including glovoapp.com - thank you! I can't edit the question to make it only about Glovo but I'll mark your answer as solution.

השתנתה ב־ על־ידי cprn

more options

cprn said

In case of Kibana (and several other websites) in regular session Firefox somehow remembers old authentication - it doesn't ask for new credentials and doesn't send Sec-Fetch-User header (which results in Kibana throwing HTTP 405 Method Not Allowed). In private window the header is sent correctly.

That part remains unsolved.

more options

You may have to create a cookie allow exception to workaround cross-site cookie issues.

You can create a cookie allow exception with the proper protocol (https:// or http://) for the current domain via "Tools -> Page Info -> Permissions" or add an allow exception for third-party domains via "Settings".

  • Settings -> Privacy & Security -> Cookies and Site Data -> "Manage Exceptions"

השתנתה ב־ על־ידי cor-el

more options

It didn't help with Kibana-like issue. Long time ago I identified on several internal websites with a certificate (as in attachment) and checked Remember this decision. Now on half of those websites I have to use a new certificate - I've installed it in Firefox but the browser doesn't ask for the new credential, it just keeps trying to use the old one. I don't think it has anything to do with cookies. That's why the original question is about "sanitizing" given host/domain, as in: remove all settings and set them to defaults because there's apparently more than just cookies.

השתנתה ב־ על־ידי cprn